Session is lost and created as new in every servlet request

by

One possible cause for this is having a “naked” host name (i.e. one without a domain part). That’s fairly common if you’re working in an Intranet.

The problem is that almost all browsers cookies will not accept cookies for hostnames without a domain name. That’s done in order to prevent evilsite.com from setting a Cookie for com (which would be bad, as it would be the ultimate tracking cookie).

So if you access your applicaton via http://examplehost/ it won’t accept any cookie, while for http://examplehost.localdomain/ it will accept (and return) the cookie just fine.

The nasty thing about that is that the server can’t distinguish between “the browser got the cookie and ignored it” and “the browser never got the cookie”. So each single access will look like a completely new sesson to the server.

More Related Contents:

  1. Sharing session data between contexts in Tomcat
  2. Tomcat 10.0.4 doesn’t load servlets (@WebServlet classes) with 404 error [duplicate]
  3. What is recommended way for spawning threads from a servlet in Tomcat
  4. How do I keep a user logged into my site for months?
  5. How to set request encoding in Tomcat?
  6. Any way to share session state between different applications in tomcat?
  7. Unable to compile class for JSP: The type java.util.Map$Entry cannot be resolved. It is indirectly referenced from required .class files
  8. How to configure Tomcat to connect with MySQL
  9. _jspService is exceeding the 65535 bytes limit
  10. how to get a client’s MAC address from HttpServlet?
  11. Retrieving servlet context, session and request in a POJO outside container
  12. java.lang.NoClassDefFoundError: javax/servlet/http/HttpServletRequest
  13. Exposing resources from jar files in web applications (Tomcat7)
  14. sending variable from one jsp to another jsp
  15. Embedded tomcat 7 servlet 3.0 annotations not working
  16. How to invoke a servlet without mapping in web.xml?
  17. Is there a url rewriting engine for Tomcat/Java?
  18. Managing webapp session data/controller flow for multiple tabs
  19. Can I serve JSPs from inside a JAR in lib, or is there a workaround?
  20. Detecting client disconnect in tomcat servlet?
  21. How to set session timeout dynamically in Java web applications?
  22. How to call a method before the session object is destroyed?
  23. How to store a file on a server(web container) through a Java EE web application?
  24. How to add response headers based on Content-type; getting Content-type before the response is committed
  25. Is synchronization within an HttpSession feasible?
  26. How can I manually load a Java session using a JSESSIONID?
  27. How do I send an e-mail in Java?
  28. HTTP Status 500 – Error instantiating servlet class pkg.coreServlet
  29. Find number of active sessions created from a given client IP
  30. Disable all default HTTP error response content in Tomcat

Leave a Comment